Section 1: Security Overview Flashcards

1
Q

What is Confidentiality?

A

Information has not been disclosed to unauthorized people (anything that mentions encryption has to do with confidentiality)

2
Q

What is Integrity?

A

Information has not been modified or altered without proper authorization (for example, a bank teller can’t change your bank balance willy-nilly; hashing)

3
Q

What is availability?

A

Information is able to be stored, accessed, or protected at all times

4
Q

What are the three A’s?

A

Authentication, Authorization and Accounting

5
Q

Authentication

A

When a person’s identity is established with proof and confirmed by a system (entering in email and password and granted access, for example)

6
Q

What are the five methods of authentication?

A

Something you know, something you are, something you have, something you do and somewhere you are

7
Q

What is authorization?

A

Occurs when a user is given access to a certain piece of data or certain areas of a building

8
Q

What is accounting?

A

Tracking of data, computer usage, and network resources (usually put in a log file)

9
Q

What is malware?

A

Short-hand term for malicious software (trojan horses, spyware, rootkits, adware, ransomware, etc.)

10
Q

Unauthorized Access

A

Occurs when access to computer resources and data happens without the consent of the owner (guessing a password, etc.)

11
Q

System Failure

A

When a computer crashes or system fails (BSOD, etc.)

12
Q

Social Engineering

A

Act of manipulating users into revealing confidential information (phishing, etc.)

13
Q

What are the three categories that can be used when mitigating threats?

A

Physical, technical, and administrative controls

14
Q

Physical Controls

A

Alarm systems, locks, surveillance cameras, ID cards, closed-circuit TV

15
Q

Technical Controls

A

Smart cards, encryption, access control lists, intrusion detection systems, and network authentication

16
Q

Administrative Controls

A

Policies, procedures, security awareness training, contingency planning, and disaster recovery plans

17
Q

What are the two categories into which administrative controls can be further broken down?

A

Procedural controls and regulatory or legal controls

18
Q

What is the most cost effective security control you can utilize?

A

User training

19
Q

Administrative controls are also referred to as…

A

Managerial controls

20
Q

What are the five types of hackers?

A

White hats, red hats, blue hats, gray hats, and elite

21
Q

White Hat Hacker

A

Non-malicious hackers who attempt to break into a company’s systems at the company’s request

22
Q

Black Hat Hacker

A

Malicious hackers who break into computer systems and networks without authorization or permission

23
Q

Gray Hat Hacker

A

Hackers without any affiliation to a company who attempt to break into a company’s network and risk breaking the law

24
Q

Blue Hat Hacker

A

Hackers who attempt to hack into a network with permission of the company but are not employed by the company

25
Q

Elite Hackers

A

Hackers who find and exploit vulnerabilities before anyone else does (1 in 10,000 are elite)

26
Q

What are the five kinds of threat actors?

A

Script Kiddies, Hacktivists, advanced persistent threats

27
Q

Hacktivists

A

Hackers who are driven by a cause like social change, political agendas, or terrorism

28
Q

Organized Crime

A

Hackers who are part of a crime group that is well-funded and highly sophisticated

29
Q

Advanced Persistent Threats

A

Highly trained and funded groups of hackers (often by nation states) with covert and open-source intelligence at their disposal

30
Q

What factors can we use to weigh the value of the intelligence we receive?

A

Timeliness, relevancy, accuracy, and confidence level

31
Q

What does the MISP Project do?

A

Codifies the use of the admiralty scale for grading data and estimative language

32
Q

Where can you get information from?

A

Proprietary (subscription fee), Closed-Source (derived from own research or mined like FireEye), Open-Source (available without subscription)

33
Q

What are Open-Source examples?

A

US-CERT, UK’s NCSC, AT&T Security (OTX), MISP, VirusTotal, Spamhaus, SANS ISC Suspicious Domains

34
Q

What is implicit knowledge?

A

Knowledge that can only be obtained from experienced practitioners (from experience)

35
Q

What is Open Source Intelligence?

A

What people can find out from public records, websites and social media

36
Q

Threat Hunting

A

Looking for threats instead of waiting for an attack

37
Q

How do you do threat hunting?

A

Establish a hypothesis, profile threat actors and activities (create a scenario of what they are going to do and how they might do it)

38
Q

What are the benefits of threat hunting?

A

Improve detection capabilities, integrate intelligence, reduce attack surface, block attack vectors, identify critical assets

39
Q

What is the Lockheed Martin Kill Chain?

A

A model developed by Lockheed Martin that describes the stages by which a threat actor progresses a network intrusion

40
Q

What is the MITRE ATT&CK framework?

A

A knowledge base maintained by the MITRE Corporation for listing and explaining specific adversary tactics, techniques, and common knowledge or procedures (attack.mitre.org)

41
Q

Diamond Model of Intrusion Analysis

A

A framework for analyzing cybersecurity incidents and intrusions by exploring the relationships between four core features: adversary, capability, infrastructure, and victim